Disable compression to prevent BREACH attack

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-03 13:03:16 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-03 13:03:16 +0300
commit: 563fec734912d81cd7caea6fa8ec2b397fb72a9b (patch)
tree: a3cec28180a4241be1fb4df17c27f2126196956d /lib/support/nginx/gitlab
parent: 1eec1f4f20a13d8110757fb5027462346aa0a9fc (diff)
download: gitlab-ce-563fec734912d81cd7caea6fa8ec2b397fb72a9b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 5bff362da0e..6b31dbd4304 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -42,6 +42,9 @@ server {
   # if a file, which is not found in the root folder is requested,
   # then the proxy pass the request to the upsteam (gitlab unicorn)
   location @gitlab {
+    # We need this to prevent BREACH attack
+    gzip off;
+
     proxy_read_timeout 300; # Some requests take more than 30 seconds.
     proxy_connect_timeout 300; # Some requests take more than 30 seconds.
     proxy_redirect     off;
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-04-03 13:03:16 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-04-03 13:03:16 +0300
commit	563fec734912d81cd7caea6fa8ec2b397fb72a9b (patch)
tree	a3cec28180a4241be1fb4df17c27f2126196956d /lib/support/nginx/gitlab
parent	1eec1f4f20a13d8110757fb5027462346aa0a9fc (diff)
download	gitlab-ce-563fec734912d81cd7caea6fa8ec2b397fb72a9b.tar.gz